Align organizational controls to NIST CSF 2.0 and other relevant frameworks, translating policies into measurable technical standards and control requirements
Maintain continuous SOC 2 Type II readiness by managing the year-round evidence lifecycle and validating control effectiveness across all Trust Services Criteria using GRC tools
Conduct and support technology and cybersecurity risk assessments across key domains, including IAM, change management, incident response, vulnerability management, logging and monitoring, cloud/SaaS, data protection, endpoint security, and backup/disaster recovery
Monitor control performance and risk telemetry against established thresholds, proactively identifying, escalating, and addressing at-risk controls before critical failure points are reached
Lead corrective action plans (CAPs) for identified gaps, partnering with control owners to drive timely remediation and root cause resolution
Perform risk-based assessments of critical third parties, including SaaS, AI, and cloud providers, evaluating SOC reports and security posture against internal risk standards
Document control design and operating effectiveness, including process narratives, control mappings, and evidence standards
Serve as a liaison for internal and external audits, providing clear, defensible documentation and rationale for control decisions
Develop executive dashboards and reporting that provide visibility into framework alignment, control health, and audit readiness, enabling proactive risk insights for leadership
Collaborate cross-functionally with business and technology teams to embed security and risk standards into products and services and support timely, comprehensive risk reporting to senior leadership
Perform other duties as assigned.

Requirements

Bachelor’s degree in Information Systems, Cybersecurity, Computer Science, Risk, Finance/Accounting, or related field (or equivalent practical experience)
3+ years of experience in technology risk, information security, IT audit, compliance, GRC, or IT operations
CRISC, CISA, or similar certification preferred
Cloud certifications such as AWS Cloud Practitioner or Azure Fundamentals (AZ-900) preferred
Working knowledge of identity and access management principles, including least privilege, multi-factor authentication, and access reviews
Familiarity with SDLC and change management controls, incident management processes, vulnerability management, and basic security monitoring concepts
Understanding of third-party risk management practices and penetration testing processes
General knowledge of networking, operating systems, enterprise IT systems, and cloud computing concepts
Familiarity with security and risk management frameworks such as NIST and SOC 2
Proficiency with spreadsheets, documentation platforms, ticketing/work management tools (e.g., Jira), and collaboration tools
Ability to translate complex security concepts into clear, actionable communication for both technical and non-technical audiences
Strong organizational, analytical, and critical thinking skills with high attention to detail and commitment to quality
Demonstrated ability to manage and influence multiple stakeholders across functions through clear written and verbal communication
Ability to show ownership of your work, take on challenges and acknowledge growth opportunities, and demonstrate patience when learning new processes
Courtesy, respect, and thoughtfulness in teaming with colleagues and other stakeholders.

Benefits

Up to 83% subsidized medical payroll deductions
Competitive dental and vision benefits
401(k) + match
Pre-tax transit and commuting benefits
A robust health and wellness program – earn cash rewards and gain access to resources that promote health, engagement, and balance
Paid maternity and parental leave, as well as other family paid leave programs
Company-paid life, short and long-term disability insurance
Health Savings Account and Healthcare and Dependent Care Flexible Spending
Career development opportunities
Empowerment and encouragement to give back – volunteer hours and donation matching

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

technology riskinformation securityIT auditcomplianceGRCidentity and access managementvulnerability managementpenetration testingcloud computingsecurity monitoring

Soft Skills

organizational skillsanalytical skillscritical thinkingcommunication skillsstakeholder managementownershippatienceattention to detailcollaborationproblem-solving

Certifications

CRISCCISAAWS Cloud PractitionerAzure Fundamentals (AZ-900)